Testing for coronavirus and communicating the results
The GGDs used to test for coronavirus. Testing stopped on 18 March 2023. The GGDs do still keep your personal data in a medical file.
Who works with your personal data?
GGD GHOR Nederland manages the CoronIT IT system for the GGDs. The GGDs are responsible for your personal data if you take a coronavirus test. We use this system to use and store your personal data. We do this in accordance with the rules set out in the law. This means that we handle your personal data properly and safely. We must also tell you what data we have about you, what we do with it, and who works with it. We share your data with the following organisations:
CoronIT is the IT system for the test process and communication. We keep your medical file with your test and vaccination data in this system. It lets the GGDs see whose test result it is. Normally, GGD GHOR Nederland cannot see this information, unless there is a problem that our Service Desk needs to solve. Then we will be allowed to see this data for our Service Desk work. The picture below shows where your data goes.
What happens to your personal data?
You took a coronavirus test at the GGD. The GGD keeps all your test data in your medical file. The GGD is required to keep this medical file.
What else do we use your personal data for?
It is important that we know how many infections there were in the Netherlands and how many tests have been done. We use your data to find this out, but in a general, anonymous way. This means that we don’t see any of your personal data in the information. Researchers might also use your data for scientific research. This is also done anonymously, and it follows the rules that apply to scientific research.
When do we send your data to other organisations?
In some situations we send data related to you to other organisations. Can people find out from this data that it is linked to you? Then we will only send it if you have given your permission. Or if we are required by law to send the data.
We make sure that the other organisations cannot figure out from the data exactly whose data it is. We cooperate with the following organisations. We have sent data to them. Or we will if they ask for it:
What personal data do we use?
We have recorded your personal data in your medical file. The personal data in your medical file that relates to testing is:
You log in to the coronatest website with your DigiD. This will help you make your appointment securely. It will also let us know who is making the appointment. We will not be able to see your DigiD username or password.
What laws apply to the way we use your personal data?
The General Data Protection Regulation (GDPR) states that we can only use your personal data if we have certain reasons. These are called ‘valid’ reasons. The GDPR states that these valid reasons are: ‘consent, agreement, legal obligation, vital interest, public task / public interest or legitimate interest.’
We use your data to fight an infectious disease epidemic. This is a public task or a public interest task. The GGD is also required by law to record your personal data in a medical file for these types of diseases. This is stated in the Wet op de geneeskundige behandelsovereenkomst (translated here as the Dutch Medical Treatment Contracts Act).
If you contact GGD GHOR Nederland to check your data so that you can get proof of recovery, we will record your telephone conversation. We do this to make sure any complaints are handled properly. We are allowed to record these conversations on the basis of Article 6, paragraph 1f of the GDPR.
How long do we keep your personal data?
We keep your personal data for a maximum of twenty years. This is required by the Wet op de geneeskundige behandelsovereenkomst (translated here as the Dutch Medical Treatment Contracts Act). After this time, we destroy the data or make it anonymous.
During the coronavirus test, an employee used a cotton swab to remove cells from your nose and throat. This cotton swab was sent to a laboratory to be tested. How long the laboratory keeps the cotton swab depends on the result of the test:
We do not collect your DNA
We will ask for your permission if we want to keep your personal data longer. The only time we wouldn’t ask you this is if we need to keep it longer because of another law.
If you called the call centre to make a testing appointment, the phone company of the call centre will keep your phone number for 11 months. This is required by the Telecommunicatiewet (translated here as the Telecom Act).
If you contact GGD GHOR Nederland to check your data, we will keep the recording of this telephone conversation for 4 weeks.
How do we protect your personal data?
We think it is important to keep your personal data safe. To do that, we make agreements with the people and organisations that process the data for us. The agreements say what they can do with your data for us.
What else do we do?
What are your rights?
These are your rights under the law:
You can contact the GGD that performed your test for all of these situations.
Do you have questions or complaints about the use of your personal data?
Do you have questions or complaints about the use of your personal data? Please contact the Data Protection Officer at the GGD that performed your test. Or the organisation that tested you. Every GGD and other organisation for coronavirus testing has a Privacy Statement. This tells you who the Officer is.
Appendix 1 lists the website addresses for all GGDs.
You can also report a complaint to GGD GHOR Nederland. You can do this by sending your complaint to the GGD GHOR Nederland’s Data Protection Officer. The email address is firstname.lastname@example.org.
What if we handle your complaint and you don’t agree with the outcome? Or with the way we handled your complaint? Then you can send a complaint to the Dutch Data Protection Authority. You can do this at this website.
We will adjust this privacy statement as necessary. For example, if we have to change who processes personal data, or which personal data we use.
We last updated this statement on 8 May, 2023.
Would you like to know which GGD belongs to your municipality? You can see this at www.ggd.nl.